CVE-2022-50492
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: fix use-after-free on probe deferral
The bridge counter was never reset when tearing down the DRM device so that stale pointers to deallocated structures would be accessed on the next tear down (e.g. after a second late bind deferral).
Given enough bridges and a few probe deferrals this could currently also lead to data beyond the bridge array being corrupted.
Patchwork: https://patchwork.freedesktop.org/patch/502665/
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | a3376e3ec81c5dd0622cbc187db76d2824d31c1c < 0a30a47741b6df1f9555a0fac6aebb7e8c363bad | affected |
| Linux | Linux | a3376e3ec81c5dd0622cbc187db76d2824d31c1c < 6808abdb33bf90330e70a687d29f038507e06ebb | affected |
| Linux | Linux | 3.12 | affected |
| Linux | Linux | 0 < 3.12 | unaffected |
| Linux | Linux | 6.0.7 <= 6.0.* | unaffected |
| Linux | Linux | 6.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/0a30a47741b6df1f9555a0fac6aebb7e8c363bad
- https://git.kernel.org/stable/c/6808abdb33bf90330e70a687d29f038507e06ebb
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.